diff options
| author | Matthias Schiffer <mschiffer@universe-factory.net> | 2015-01-09 17:31:10 +0100 |
|---|---|---|
| committer | Matthias Schiffer <mschiffer@universe-factory.net> | 2015-01-09 17:31:10 +0100 |
| commit | 68462604fa5441c692f9442f70ea30ac69252ae4 (patch) | |
| tree | 91fb961143a4981e9ff1a0dbd375c1740e318a5c /src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.c | |
| parent | 7286aff2c39a52ab9a92a815dd54d21dd7ed6871 (diff) | |
| download | fastd-68462604fa5441c692f9442f70ea30ac69252ae4.tar fastd-68462604fa5441c692f9442f70ea30ac69252ae4.zip | |
ec25519-fhmqvc: optimize handshake by using embedded group element verification
Using the embedded group element verification allows us to get away without
explicit verification, thus needing one scalar multiplication less. This reduces
the number of expensive operations needed for a handshake to three: one Galois
field square root (for key unpacking) and two scalar multiplications.
For this optimization to be secure, private keys must be divisible by 8. This is
the case for all keys generated with all but extremely old versions of fastd
(pre-0.4). If fastd finds that its secret is not divisible by 8, it will refuse
to start now.
Diffstat (limited to 'src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.c')
| -rw-r--r-- | src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.c b/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.c index 17f8268..97cdb3d 100644 --- a/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.c +++ b/src/protocols/ec25519_fhmqvc/ec25519_fhmqvc.c @@ -71,6 +71,9 @@ static fastd_protocol_config_t * protocol_init(void) { ecc_25519_scalarmult_base(&work, &protocol_config->key.secret); ecc_25519_store_packed(&protocol_config->key.public.int256, &work); + if (!divide_key(&protocol_config->key.secret)) + exit_error("invalid secret key"); + return protocol_config; } |